Bug 2021576

Summary: traceback blocks reconciliation of helm repository hosted on AWS S3 storage
Product: Red Hat Advanced Cluster Management for Kubernetes Reporter: Felix Dewaleyne <fdewaley>
Component: App LifecycleAssignee: Mike Ng <ming>
Status: CLOSED ERRATA QA Contact: Ruici Hong <ruhong>
Severity: low Docs Contact: bswope <bswope>
Priority: unspecified    
Version: rhacm-2.3CC: fdewaley, jayoung, juhsu, ming, rspagnol, ruhong, xiangli, yuhe
Target Milestone: ---Flags: ruhong: qe_test_coverage+
bot-tracker-sync: rhacm-2.3.z+
Target Release: rhacm-2.4.2   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-02-22 21:58:13 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Felix Dewaleyne 2021-11-09 16:34:04 UTC 
Description of the problem:
application synced using helm cannot reconcile due to a traceback

Release version:
2.3

Operator snapshot version:

OCP version:

Browser Info:

Steps to reproduce:
1. set up helm repo on S3 storage based on repo from additional info
2. set reconciliation to medium (15 minutes)
3.observe the management-ingress logs

Actual results:
2021-11-04T11:51:38.633326028Z 2021/11/04 11:51:38 [notice] 31#31: *15801 [lua] oauthproxy.lua:76: validate_access_token_or_exit(): Authorization header found. Attempt to extract token., client: 10.126.8.1, server: _, request: "GET /multicloud/common/applinks/ HTTP/1.1", host: "multicloud-console.apps.cmp-mgmt.example.com", referrer: "https://multicloud-console.apps.cmp-mgmt.example.com/multicloud/applications/sealed-secrets/sealed-secrets?apiVersion=app.k8s.io%2Fv1beta1"
2021-11-04T11:51:38.633326028Z 2021/11/04 11:51:38 [warn] 31#31: *15801 [lua] _G write guard:12: __newindex(): writing a global Lua variable ('_') which may lead to race conditions between concurrent requests, so prefer the use of 'local' variables
2021-11-04T11:51:38.633326028Z stack traceback:
2021-11-04T11:51:38.633326028Z  /opt/ibm/router/nginx//conf/oauthproxy.lua:77: in function 'validate_access_token_or_exit'
2021-11-04T11:51:38.633326028Z  access_by_lua(nginx.conf:810):4: in main chunk, client: 10.126.8.1, server: _, request: "GET /multicloud/common/applinks/ HTTP/1.1", host: "multicloud-console.apps.cmp-mgmt.example.com", referrer: "https://multicloud-console.apps.cmp-mgmt.example.com/multicloud/applications/sealed-secrets/sealed-secrets?apiVersion=app.k8s.io%2Fv1beta1"


Expected results:
reconciliation passes and changes to the application are brought forward

Additional info:
repo used is based on https://github.com/bitnami-labs/sealed-secrets/tree/main/helm/sealed-secrets
Comment 7 Ruici Hong 2022-01-28 16:30:13 UTC 
Tested and verified on
ACM - 2.4.2-DOWNSTREAM-2022-01-10-07-59-03
OCP - 4.8.2
Comment 8 Ruici Hong 2022-01-28 19:52:07 UTC 
RHACM4K-8954 - Application Lifecycle - HelmRelease should get re-installed/updated when package override values change in subscription
https://polarion.engineering.redhat.com/polarion/#/project/RHACM4K/workitem?id=RHACM4K-8954
Test case created.
Comment 16 errata-xmlrpc 2022-02-22 21:58:13 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Red Hat Advanced Cluster Management 2.3.6 security updates and bug fixes), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0595